Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-25 09:34:32 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add and update some FIXME comments about origin handling with iframes.

Browse source
This commit is contained in:
Ms2ger 2016-05-02 12:34:08 +02:00
parent 68076fbd7b
commit eba74554f3
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
components/compositing/constellation.rs
View file

@ -990,11 +990,12 @@ impl<LTF: LayoutThreadFactory, STF: ScriptThreadFactory> Constellation<LTF, STF>
// then reuse the script thread in creating the new pipeline // then reuse the script thread in creating the new pipeline
let source_url = &source_pipeline.url; let source_url = &source_pipeline.url;
// FIXME(#10968): this should probably match the origin check in
// HTMLIFrameElement::contentDocument.
let same_script = source_url.host() == new_url.host() && let same_script = source_url.host() == new_url.host() &&
source_url.port() == new_url.port() && source_url.port() == new_url.port() &&
load_info.sandbox == IFrameSandboxState::IFrameUnsandboxed; load_info.sandbox == IFrameSandboxState::IFrameUnsandboxed;
// FIXME(tkuehn): Need to follow the standardized spec for checking same-origin
// Reuse the script thread if the URL is same-origin // Reuse the script thread if the URL is same-origin
let script_chan = if same_script { let script_chan = if same_script {
debug!("Constellation: loading same-origin iframe, \ debug!("Constellation: loading same-origin iframe, \

4
components/script/dom/htmliframeelement.rs
View file

@ -429,6 +429,8 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
// https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument // https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument
fn GetContentDocument(&self) -> Option<Root<Document>> { fn GetContentDocument(&self) -> Option<Root<Document>> {
self.GetContentWindow().and_then(|window| { self.GetContentWindow().and_then(|window| {
// FIXME(#10964): this should use the Document's origin and the
// origin of the incumbent settings object.
let self_url = self.get_url(); let self_url = self.get_url();
let win_url = window_from_node(self).get_url(); let win_url = window_from_node(self).get_url();
@ -582,6 +584,8 @@ impl VirtualMethods for HTMLIFrameElement {
// iframes, and since that would cause a deadlock, don't do it. // iframes, and since that would cause a deadlock, don't do it.
let ConstellationChan(ref chan) = *window.constellation_chan(); let ConstellationChan(ref chan) = *window.constellation_chan();
let same_origin = { let same_origin = {
// FIXME(#10968): this should probably match the origin check in
// HTMLIFrameElement::contentDocument.
let self_url = self.get_url(); let self_url = self.get_url();
let win_url = window_from_node(self).get_url(); let win_url = window_from_node(self).get_url();
UrlHelper::SameOrigin(&self_url, &win_url) UrlHelper::SameOrigin(&self_url, &win_url)